Antivirus programs are computer tools for detecting and removing viruses

The creators of the first computers apparently never assumed that, in time, there would be security threats to the system itself and to the user data stored in the device's memory. But they did appear, which made it necessary to create effective means of protection, later known as "antivirus programs." A list of the best-known and most powerful packages is given below. In the meantime, let us look at what computer viruses are and how they can be identified, isolated or deleted.

Antivirus programs: what are they? A bit of history

So, what are viral threats and the means of combating them? In the distant times when computer technology was only beginning to develop, viruses were usually executable files (.exe, .bat, etc.) whose launch activated built-in code and commands capable of damaging computer systems.

Unlike modern malicious applets, they worked only after the user activated the corresponding files, and their actions were mainly aimed at disrupting the operating system. Thus, antiviruses initially protected only the system, not the information.

Subject of protection

Today, such threats are less common. The priority for viruses is spying, stealing confidential data and extorting money. Various kinds of advertising modules also fall into the category of viruses; once activated in the system, they get in the way of work, for example on the Internet.

The ways in which threats penetrate computer systems have also changed considerably. For the most part this is connected with the Internet, and viruses are now rarely found on removable media. Their behavior is also very different from what it was before. They can masquerade as official programs or system services, enter the system under the guise of standard libraries containing executable code, create copies of themselves, and so on.

After activation, such actions are very difficult to track, so it is recommended to install an antivirus program regardless of whether the user is connected to the Internet. The consequences can be disastrous, for example the loss of money from a card account. Confidential information such as logins and passwords for financial services, or secret developments, is now in demand more than ever. How can one not recall the famous expression that whoever owns the information owns the world?

Types of viruses

It goes without saying that viruses and antivirus protection are closely interrelated. The main problem is that viruses are always one step ahead of the security software. That is no wonder: today they spring up on the Internet like mushrooms after rain, and the developers of countermeasures simply cannot keep up with them.

Consider the newly emerged encryption viruses that, once they penetrate a computer, instantly encrypt user information using 1024-bit algorithms, while the antivirus labs have only just reached the point of being able to counter 128-bit encryption. Still, forecasting methods exist as well.

So, what do we have today? The following types of viruses are believed to be the most common at the present stage of computer technology development:

  • Boot;
  • File;
  • Boot-file;
  • Document;
  • Network.

By mode of operation they are divided into resident and non-resident. The only difference is that a resident virus can remain in the machine's memory after the associated application or service has terminated, while a non-resident virus functions only during the program's lifetime.

The main types of threats are considered to be the following:

  • Parasites;
  • Worms;
  • Trojans;
  • Rootkits;
  • Stealth viruses;
  • Self-encrypting viruses;
  • Mutating viruses without a permanent signature;
  • Dormant viruses with an incubation period before they take effect;
  • Advertising modules;
  • Keyloggers;
  • Encryptors;
  • Extortionists, etc.

And this is only a small part of what antivirus programs should be able to detect and neutralize. Unfortunately, for many of the simplest free packages this is, to put it mildly, an impossible task. But for a complete understanding of antivirus software, let us first look at the principles of its operation and the methods for identifying existing or potential threats.

Technologies for identifying potential threats

First of all, note that most of today's known antivirus applications rely on so-called virus signature databases. In other words, these are data containing examples of the structures of such threats and conclusions about their behavior in an infected system.

Such databases are updated almost hourly, both in the antivirus packages themselves and on the developers' remote servers. In the second case, this is due to the emergence of new threats. A huge advantage of such databases is that, based on the available analysis results, it is possible to identify new potentially dangerous elements that are not yet in the signature databases. Thus, antivirus programs can be said to be whole complexes consisting of the main software packages, virus databases and the means of interaction between them.

Signature analysis

As for the methods used to identify threats, one of the first places belongs to signature analysis, which consists in comparing the structure of a file with existing templates or previously defined patterns, and which is inextricably linked with heuristic analysis.

For identifying potential threats it is simply indispensable, although with modern viruses there is no 100% guarantee that the threat will be detected.
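Signature matching as described above, as an added example that is not taken from any antivirus product: a scanner compares byte patterns (with wildcard positions) against file contents, and a trivially re-encoded copy of the same bytes shows why a fixed signature gives no 100% guarantee. The signature names, byte patterns and sample buffers are all constructed for illustration.

```python
# Constructed signature database: name -> byte pattern. None marks a
# wildcard position (any byte matches). The patterns are made up for
# this example and do not correspond to real malware.
SIGNATURES = {
    "Demo.Exact": [0xDE, 0xAD, 0xBE, 0xEF, 0x13, 0x37],
    "Demo.Wildcard": [0x4D, 0x41, 0x4C, None, None, 0x90, 0x90],
}

def match_at(data: bytes, pos: int, pattern: list) -> bool:
    """True if pattern matches data starting at offset pos."""
    if pos + len(pattern) > len(data):
        return False
    return all(p is None or data[pos + i] == p for i, p in enumerate(pattern))

def scan(data: bytes) -> list:
    """Return sorted (offset, signature_name) hits found in data."""
    hits = []
    for name, pattern in SIGNATURES.items():
        for pos in range(len(data) - len(pattern) + 1):
            if match_at(data, pos, pattern):
                hits.append((pos, name))
    return sorted(hits)

def xor_encode(data: bytes, key: int) -> bytes:
    """Stand-in for a self-encrypting body: same content, different bytes."""
    return bytes(b ^ key for b in data)

# Constructed sample buffers.
CLEAN = b"ordinary program bytes, nothing to see"
INFECTED = b"header" + bytes([0xDE, 0xAD, 0xBE, 0xEF, 0x13, 0x37]) + b"tail"
VARIANT_A = b"xx" + bytes([0x4D, 0x41, 0x4C, 0x01, 0x02, 0x90, 0x90])
VARIANT_B = b"xx" + bytes([0x4D, 0x41, 0x4C, 0xFF, 0x7A, 0x90, 0x90])
ENCODED = xor_encode(INFECTED, 0x5A)  # same payload, no stable byte pattern

if __name__ == "__main__":
    for label, buf in [("clean", CLEAN), ("infected", INFECTED),
                       ("variant A", VARIANT_A), ("variant B", VARIANT_B),
                       ("encoded", ENCODED)]:
        print(f"{label:10} -> {scan(buf) or 'no match'}")
```

The wildcard pattern catches both variants that differ only in the two variable bytes, while the encoded copy passes unnoticed until it is decoded, which is the gap heuristic and behavioral analysis are meant to cover.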

Varieties of probabilistic tests

Another technology used by almost all protective packages known to date (for example, the "Doctor Web" and "Kaspersky" antiviruses and many others) is to identify a threat based on its structural form and its behavior in the system.

It has three branches: heuristic analysis, behavioral analysis, and the comparison of file checksums (most often used to detect viruses that can masquerade as system services and innocuous programs). This covers comparison of embedded code, analysis of the impact on the system, and much more.

But the most powerful tool is considered to be checksum comparison, which makes it possible to identify a potential threat in 99.9% of cases.

Proactive Defense

One of the methods for predicting potential threats is proactive protection. Such modules are available in most antivirus programs. But there are two diametrically opposed opinions about whether using it is worthwhile.

On the one hand, it makes it possible to identify a potentially unsafe program or file based on signature and probabilistic analysis. On the other hand, this approach often produces false alarms, even to the point of blocking legitimate applications and programs. Nevertheless, as part of the overall technology, this technique is used almost everywhere.

The most well-known anti-virus programs: List

Now let us move on to the antivirus programs themselves. Needless to say, we cannot cover all of them, so we limit ourselves to the best-known and most powerful ones, covering both commercial and free software.

Among this huge number, the following packages stand out:

  • Antivirus products of Kaspersky Lab;
  • Anti-virus "Doctor Web" and its accompanying software products;
  • Anti-virus packages ESET (NOD32, Smart Security);
  • Avast;
  • Avira;
  • Bitdefender;
  • Comodo Antivirus;
  • 360 Security;
  • Panda Cloud;
  • AVG Antivirus;
  • Microsoft Security Essentials;
  • McAfee software products;
  • Symantec products;
  • Antiviruses from Norton;
  • Optimizers with built-in anti-virus modules like Advanced System Care, etc.

Naturally, programs here come in three types:

  • Completely free;
  • Shareware versions ("trial antivirus") with a trial period of about 30 days;
  • Commercial products (paid), requiring the purchase of a license or a special activation key.

Free, shareware and paid versions of packages: what's the difference?

Speaking of the different types of applications, it is worth noting that the difference between them is not only that some must be paid for or activated while others need not. The essence runs much deeper. For example, a trial antivirus, as a rule, works for only 30 days and gives the user an opportunity to evaluate all its features. After this period, it can either turn off completely or block some important security modules.

It is clear that once it has turned off, there can be no talk of any protection. In the second case, the user gets, roughly speaking, a lightweight (Lite) antivirus, a free version that lacks the full set of threat-detection tools and has only the bare essentials for detecting and neutralizing viruses, either in an already infected system or at the stage of their penetration. But, as practice shows, such scanners can miss not only potentially dangerous programs, scripts or applets; sometimes they do not even recognize existing viruses.

The simplest methods for updating databases and software

As for updates, these processes are fully automated in all packages. Both the signature database and the modules of the program itself are updated (this applies especially to commercial products).

However, for some programs you can use special free keys that activate all functions of the package for a certain period of time. For example, NOD32, ESET Smart Security, Kaspersky Lab's programs and many others work on this principle. It is enough to enter a special login and password for the program to work at full strength. Sometimes it may be necessary to convert such data into a license code, but this is done on the official developer sites, where the whole operation takes a couple of seconds.

What to choose for the user?

As can be seen from the above, antivirus programs are rather complex systems, not local in nature but consisting of many modules that must interact directly with each other (signature databases, program modules, scanners, firewalls, analyzers, "doctors" for removing malicious code from infected objects, etc.).

As for the choice, it is certainly not recommended to rely on primitive programs or free versions of commercial products for complete, comprehensive protection; they are suitable only for home installation, and only if that terminal is not used to access the Internet. For entire computer systems with branched local connections, there is no doubt that you will have to buy official licensed releases of such software. But then you can be sure, if not completely then at least to a very large extent, of the security of both the system and the data stored in it.

Copyright © 2018 en.atomiyme.com.